Desmond Towns
Snellville Ga. 30039
PROFESSIONAL SUMMARY
INTEGRITY PERSEVERANCE ACCOUNTABILITY
Experienced Senior Cyber Security Engineer skilled at security reconnaissance, vulnerability management, developing & designing, planning and implementing complex networks with a focus on efficiency and performance optimization. Detail-oriented and proactive with strong troubleshooting, training, communication and analytical abilities.
Certifications
CNE
CCDA
MCSE
Six Sigma
CCI
ITIL3
CCNA
AVAYA switch
Systems
Medigate probes
Logrhythm SIEM
Tenable scanners
Cisco 6513 layer 3 switch
Citrix Netscaler Load Balancer
F5 Networks Load Balancer
Cisco 6509 layer 3 switch
Cisco ASA5545 firewall
Cisco ASA5585
Cisco FMC
Cisco 4110 Firewalls
Cisco 2110 Firewalls
Cisco 3550 switch
Cisco Pix 505, 515, 525 Firewalls
Cisco 3560 switch
Solarwinds Network Management
Cisco CSS 11500 load balancer
Netscout Infinistream Network Management
IBM Blade Server (IGESM)
Riverbed network accelerator
Nexus 3850 switch
Nexus 9500 Core switch
Cisco FMC Firepower
Wireshark
Cisco 4700 ACE Load Balancers
Citrix Netscaler Load Balancers
Cisco Umbrella
GRADY:
Projects
Develop and rollout a Vulnerability Management program
Developed a vulnerability management program that outlines the steps to remediate vulnerabilities. This program outlined SLAs for all levels of vulnerabilities. Created a flow chart of the process to manage vulnerabilities and an escalation path. Established schedules to meet with the different teams to discuss new vulnerabilities and review their remediation plans. Keeping the records of all remediated vulnerabilities for future audits was one of the responsibilities of this position.
Managed the rollout of the Logrhythm SIEM
Worked in tandem with Logrhythm to roll out their SIEM solution for Grady. Established logging to be used for the reporting feature.
Network certificate management
Managed all SSL certificate renewals on our forward proxies and internal proxies. Developed a system to manage expiration dates of all certificates.
Partner Gateway design and implementation
Designed a new partner gateway that included more redundancy by adding ISR4451 routers for traffic separation, using VRFs and BGP to manage client traffic as it got passed to the upstream 9300 switches that terminated into FPR4110 firewalls for security.
Legacy firewall / DMZ migration to new infrastructure
Created the migration to move from ASA525 firewalls to the FPR4110. This project required migration of all ACL rules, NATs, policies, routing, and interfaces. It also required creating sub-interfaces to maintain multiple DMZs until all traffic could be relocated to the new DMZ.
Firepower Security rollout
Migrated the Cisco Firepower solution into the FMC for full console management. Configuring IDS/IPS, Security Intelligence, and AMP (Advanced Malware Protection) are part of this solution.
SITA:
Cloud migration of all global data centers
As the lead engineer on this project I have managed all phases of the migration. With data centers in Singapore, Atlanta and France I designed and architected the Layer 2 fiber migration infrastructure.
To implement all new technology into the cloud data center I had to design the security structure within the new VDC. Since we are a global company I had to consider GDPR standards as well as local security implementations such as Cisco's Firepower (NGIPS virtual) to handle our IDS/IPS management, URL filtering, and IP blacklisting in conjunction with the Cisco Talos cloud, and SIEM management systems that organize and store all system logs.
I developed all documentation that was used as the guide to implement testing procedures of the layer 2 circuits, bandwidth baselines, VLAN translations, Veeam replication services, Virtual Port Channel architecture, and spanning tree service.
WAN migration from each legacy data center into the cloud was planned and executed in conjunction with the service provider architects' knowledge of their MPLS network and BGP route updates. As a requirement of this migration I designed the HSRP implementation between legacy and cloud data center routers to allow for a minimum outage during internet and private WAN cutover.
One of my many tasks in this project was to design and implement the legacy network environment into the cloud. In doing so I managed a competitive bid process between multiple vendors to acquire the new virtual network appliances for the cloud VDC. Some of the products purchased were Cisco's ASAvs, Cisco's NGIPS, BIG-IP F5s and Riverbed network accelerators. In this project I have managed over 3 million dollars of purchases and used a BAP report to justify Capex expenditures.
Implemented IP/VPN intra-network between Sita peer organizations
I managed and oversaw the design and rollout of an IP/VPN network that merged together Sita’s peer organizations in France, Montreal, Atlanta and Singapore
In this project I coordinated with service providers, executed circuit turn ups, local POPs security considerations and design, equipment
Led procurement (routers, switches, etc.) and timeline management
Network core upgrade/migration
As part of our initiative to keep all production devices up to date to meet our SLA requirements I designed and managed the rollout and migration of Sita’s degrading core to new Nexus 9500 10 gig core solution
I coordinated the procurement of all new products as well as designed the floor plan layout of new rack space in the Singapore data center
This migration was between our Singapore data center and the Atlanta data center
Creating process plans for all aspects of the migration and the overall migration strategy were some of my many responsibilities on this project.
Building a new Testbed
Our production environment is being constantly upgraded and evaluated to meet the most current technological standards
I was responsible for building a testbed environment to match our product network
Experience
Grady Health Systems
September 2019 – Present
Senior Security Engineer
In this role my responsibility is to manage and strengthen the edge and internal security of all perimeter facing firewalls, east/west traffic, as well as core cluster firewall traffic flow and security.
I support our SIEM operation powered by Logrhythm. I was able to get the logging of several critical sources set up in the SIEM and work on some reporting, but the task of building a SIEM requires a department of resources. Grady pivoted and elected to interview some MSSPs to serve as SOC and professional consultants in implementing this solution. I was responsible for the interviewing process and created a vendor matrix to compare the strengths and weaknesses of these vendors.
I am responsible for the vulnerability management for all of Grady. By leveraging the Tenable scanners and working with our vendor CyberOne I am able to gain a full picture of the vulnerability footprint within Grady. I use this data to have bi-weekly vulnerability meetings with each department and highlight risks by categorizing them into distinct classes (Critical, High, Medium, and Low). I work with all teams to remediate these risks.
I work with companies like Mandiant and Risk Recon to run PEN tests of our external security as well as consult on our risk posture North and South.
Managing vendors' VPN connections across our FPR2110 VPN solution is one of my daily responsibilities. I have built tunnels between many different vendor VPN solutions supporting IKEv1, and the more secure IKEv2.
With Grady having multiple external domains and DMZ services I am responsible for managing our GSLB solution as well as the local LB solution on Citrix Netscaler Load Balancers. By hosting our own sub-domains on our Load Balancers we were able to work seamlessly with the DNS services to establish FQDNs, CNAMEs, A records and aliases that directed traffic to those external load balancers. As a move to migrate away from the Netscaler solution on the internal load balancers and give us more vendor diversity we implemented the BIG IP F5 solution. I have worked in conjunction with our vendor Optiv to support this solution.
As the Senior engineer one of my many responsibilities is to design and document new implementations and document existing network layouts that were previously unknown. My tool of choice for design is VISIO.
Running penetration tests using Varonis is a part of a monthly check to ensure that we have no unknown openings leaving us vulnerable to external threats.
Blacklisting and whitelisting URLs and certain domains through Cisco’s Umbrella product is another tool that we depend on daily to protect and remediate unforeseen threats.
Managing projects to include product procurement, project design, network runbooks for all changes and implementations, organizing strategy meetings, and setting goals and timelines are some of the many responsibilities that I have in this role.
Upgrading aging network security inventory as well as keeping up to date patches installed to prevent penetration of the edge security is also under my responsibilities.
Security Gap Analysis is a task and service that I manage. By doing an independent review of Grady’s / partners' external firewall ACLs and policies as well as their external load balancer SSL offerings (SSLv3, TLSv1, TLSv2, TLSv3) I am able to create a report of recommendations for remediation actions.
SITA
August 2005 – September 2019
Lead Systems Analyst
As lead engineer I’m responsible for the design and implementation strategy of messaging’s local and global infrastructure, application, design and support
Designed and implemented many strategies, one of them being the IP/VPN intra-network matrix that Sita uses today to communicate between our peer organizations in France, Singapore and Atlanta
Sita’s messaging core consists of Cisco Catalyst 6509/6513’s with Sup 720 routing modules, Nexus 9500’s, content switches CSS 11500/ ACE 4700 / F5’s, 3550/3560/3800 edge appliances, and ASA 525 & 5545’s
Performed security design and implementation
Introduced and implemented the Cisco “FirePower” Security solution in our network
Led the strategy for integrating SDN software defined networking
Leveraged Solarwinds network management platform to provide insight into all network device availability, as well as Network General's Infini-stream used for real-time and trend packet analysis
Among my many responsibilities I was also responsible for the development and implementation of our Life Cycle Management strategy
By combining inventory management, asset tracking, EOL/EOS milestones and hardware/software trending analysis I was able to develop a database to manage this process
The core messaging operation is a 24/7 service that promises a five 9’s guarantee
Providing QOS and traffic shaping on different topologies is also part of the many responsibilities
Documenting and mapping our network with such tools as Visio and MS Word are daily responsibilities in this position as well as PowerPoint presentations and training
Maintaining business flow management processes by conducting weekly change management meetings, and using such tools as ARS and Trillium to support these processes are some of the operational duties required by this role
T-N-T Technical Services
May 2004 – June 2005
Project Manager/Lead Engineer
As project manager and lead engineer I coordinated application training, implementation of servers and workstations, firewall design and implementation, router installs and configurations, VPN setups, MS Exchange administration and service provider contract procurement
I provided support on MS 2000/2003 and Small Business server in the local environment
My WAN experience includes configuring Cisco 2600 routers, 2900 switches, and WatchGuard firewall
Education
Control Data Institute, Atlanta, Ga. 8/1986 – 6/1988
Associate Technology Degree: Specializing in the support and development of computer software/hardware and operating systems.
Morehouse College, Atlanta, Ga. 8/1983 – 6/1985
Major: Business Administration, with a focus on Computer Science.
Lakeshore High School, College Park 8/1979 – 6/1983
Selected as the top student athlete in my graduation class. (Order of the Lance)
References available upon request